Post on 21-May-2020
transcript
Simone Brunozzi ( @simon )Senior Technology Evangelist, Amazon Web Services
Better, Faster, Stronger web appswith Amazon Web Services
“Knowledge starts from great questions.”
(from the previous presentation)
“Knowledge starts from great questions.”
growsgrows
with inspiring answers”with inspiring answers”
BETTER
CloudSearch
Going Global
AWS Support
AWS Data Pipeline
Elastic Load Balancer
FASTER
CloudFront
DynamoDB
ElastiCache
Elastic Beanstalk
STRONGER
Security
IAM
VPC
Securing Apache/NGINX
Durability
BETTER FASTER STRONGER
CloudFront
DynamoDB
Security
IAM
CloudSearch
VPC
Going Global
ElastiCache
Securing Apache/NGINX
AWS Support
AWS Data Pipeline Durability
Elastic Beanstalk
Elastic Load Balancer
BETTER FASTER STRONGER
AWS Data Pipeline
Process/Move dataTo/From AWS or on-premise sourcesScheduled intervals
(Video)
BETTER FASTER STRONGER
AWS Support
One-on-one, fast response support channel Always available
Experienced support engineers
x
y
Four Different plans
9
AWS Support: a Swiss knife
9
Reactivetroubleshooting
Help to get started with AWS
Recommendations on security, costs, and
availability Discuss architecture and best practices
Integrate the 150+ annual AWS feature
releases
Configuration help for a growing list of 3rd party software
AWS Support: a Swiss knife
AWS Support plans
Free
10
Basic
49 $ / month
Developer
(Min: 100 $)% of your AWS monthly bill:10%: 0-10k7%: 10k-80k5%: 80k-250k3%: 250k+
Business
(Min: 15,000 $)% of your AWS monthly bill:10%: 0-150k7%: 150k-500k5%: 500k-1M3%: 1M+
Enterprise
What do you get? (1)
11
Basic Developer Business Enterprise
YESCustomer Service 24/7/365 YES YES YES
YESSupport forums YES YES YES
YESDocumentation, guides YES YES YES
health checksAccess to Technical support E P/C/E P/C/E/TAM
-Named contacts 1 5 Unlimited
-Response time 12 hours 1 hour 15 minutes
-Architecture support Building blocks Guidance App Architecture
-Best practice guidance YES YES YES
-Client side diagnostic tools YES YES YES
What do you get? (2)
12
Business Enterprise
Identity Access Management (IAM) YES YES
Direct routing to Senior Support Engineers YES YES
Third party Software Support (beta) YES YES
AWS Trusted Advisor (beta) YES YES
Infrastructure Event Management contact us YES
Direct Access to TAM (Technical Account Manager) - YES
White-Glove Case Routing - YES
Management Business Reviews - YES
AWS Trusted Advisor
AWS Trusted Advisorin action
15 (Video)
BETTER FASTER STRONGER
AWS CloudSearch
A fully-managed search service in the cloud Easy to integrate fast and scalable search functionality
BETTER FASTER STRONGER
AWS CloudSearch
A fully-managed search service in the cloud Easy to integrate fast and scalable search functionality
• Faceted search
• Field weighting
• Stemming, Synonyms, Stop Words
• Autoscaling
• Index distribution / partition / replication
(Video)
BETTER FASTER STRONGER
Going global: AWS Regions
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Regions (8) GovCloud Regions (1)
BETTER FASTER STRONGER
Availability Zones
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Availability Zones (23)
BETTER FASTER STRONGER
CloudFront / Route 53
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Edge Locations (39)
Dallas (2)
St.LouisMiami
JacksonvilleLos Angeles (2)
Palo Alto
Sea>le
Ashburn (2)
NewarkNew York (3)
DublinLondon (2) Amsterdam (2)
Stockholm
Frankfurt (2)Paris (2)
Singapore (2)
Hong Kong (2)
Tokyo (2)
Sao Paulo
South Bend
San Jose
OsakaMilan
Sydney
Madrid
BETTER FASTER STRONGER
AWS Support
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Customer Service & Technical Support
Remote TAMs (Technical Account Manager)
BETTER FASTER STRONGER
Elastic Load Balancer
Automatically balances traffic across EC2 instancesProtocols: HTTP, HTTPS, TCP, SSL, or CustomOne or multiple Availability ZonesAutomatic health checks
BETTER FASTER STRONGER
CloudFront
DynamoDB
Security
IAM
CloudSearch
VPC
Going Global
ElastiCache
Securing Apache/NGINX
AWS Support
AWS Data Pipeline Durability
Elastic Beanstalk
Elastic Load Balancer
BETTER FASTER STRONGER
Amazon ElastiCache
DatabaseWeb
Server
BETTER FASTER STRONGER
Amazon ElastiCache
Cache
DatabaseWeb
Server
BETTER FASTER STRONGER
Amazon ElastiCache
• Memcached-compliant
• Different cache node types
• Monitoring statistics
• Dynamic scaling
• Automatic failure detection / recovery
• Automatic software patching
BETTER FASTER STRONGER
Amazon DynamoDB
• NoSQL key-value store
• Provisioned throughput (automated scaling)
• Fully distributed
• Fault tolerant
BETTER FASTER STRONGER
AWS Elastic Beanstalk
BETTER FASTER STRONGER
AWS Elastic Beanstalk
PHP Python Ruby .NET Java
Passenger IIS TomcatApache
Visual Studio EclipseGit
BETTER FASTER STRONGER
AWS Elastic Beanstalk
Passenger IIS TomcatApache
BETTER FASTER STRONGER
AWS Elastic Beanstalk
PassengerIISTomcatApacheweb/app server
BETTER FASTER STRONGER
AWS Elastic Beanstalk
web/app server
BETTER FASTER STRONGER
AWS Elastic Beanstalk
MasterDB
web/app server
web/app server
Elastic Load Balancer
IP
StandbyDB
web/app server
BETTER FASTER STRONGER
• Easy deploy / rollback
• Monitoring metrics (CloudWatch)
• Receive SNS notifications (health, add/remove servers)
• Access server log files
• Quickly restart the entire stack
• Custom application server settings
AWS Elastic Beanstalk
BETTER FASTER STRONGER
CloudFront
What’s new?
• New Edge locations
• Support for cookies
• Price classes (exclude edge locations based on cost)
• New access log fields
• Front End Optimization (compression, rendering, etc)
• Dynamic content from EC2 (query / cache parameters)
BETTER FASTER STRONGER
CloudFront
DynamoDB
Security
IAM
CloudSearch
VPC
Going Global
ElastiCache
Securing Apache/NGINX
AWS Support
AWS Data Pipeline Durability
Elastic Beanstalk
Elastic Load Balancer
BETTER FASTER STRONGER
Durability
EC2 internal storage: ephemeral.EBS: redundant.S3: designed for high durability.Glacier, compared to S3: delayed retrieval, lower price.
RDS: backups to Amazon S3.DynamoDB: use AWS Data Pipeline to backup to S3.EBS: snapshots to S3.
BETTER FASTER STRONGER
Amazon Virtual Private Cloud (VPC)
Launch a private section of the AWS Cloud, with user-defined network topology and security/routing rules.
Start using VPC today - No excuses.
(Video)
BETTER FASTER STRONGER
Security
[ Shared Responsibility Model ]
BETTER FASTER STRONGER
Security
BETTER FASTER STRONGER
Security
BETTER FASTER STRONGER
Security
Security Groups
Credentials
EncryptionYour apps
BETTER FASTER STRONGER
Securing Apache/NGINX
• ModSecurity (currently 2.7)
• Proper security guides (e.g. RHEL 6.0 Security Guide)
• Remove unnecessary modules / services / daemons
• SSH using a Bastion Host
• Patch / Update
• Hide version
• Use “smart” access (e.g. strong passwords / certificates)
• Run it within VPC!
BETTER FASTER STRONGER
IAM
Control access to AWS services and resources for your users, with users/roles/permissions.
• Separate Master Account from everything else
• Cross-account API access
• Temporary security credentials (remember?)
• Multi-Factor Authentication (MFA)
(Video)
http://aws.amazon.com/
http://aws.amazon.com/awspodcast
Simone Brunozzi ( @simon )Senior Technology Evangelist, Amazon Web Services
Simone Brunozzi ( @simon )Senior Technology Evangelist, Amazon Web Services
Better, Faster, Stronger web appswith Amazon Web Services
Thank you!